CVSS: 7.5EPSS: 6%CPEs: 104EXPL: 1CVE-2010-1635
https://notcve.org/view.php?id=CVE-2010-1635
17 Jun 2010 — The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value. La función chain_reply de process.c de smbd de Samba anterior a v3.4.8, y v3.5.x anterior a v3.5.2 permite a atacantes remotos provocar una denegación de servicio (referencia a pun... • http://git.samba.org/?p=samba.git%3Ba=commit%3Bh=25452a2268ac7013da28125f3df22085139af12d •
CVSS: 7.5EPSS: 5%CPEs: 104EXPL: 1CVE-2010-1642
https://notcve.org/view.php?id=CVE-2010-1642
17 Jun 2010 — The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request. La función reply_sesssetup_and_X_spnego de sesssetup.c de smbd de Samba anterior a v3.4.8, y v3.5.x anterior a v3.5.2, permite a atacantes remotos provocar una lectura fuera de rango y ocasionar una denegación de servicio (caída... • http://git.samba.org/?p=samba.git%3Ba=commit%3Bh=9280051bfba337458722fb157f3082f93cbd9f2b • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 79%CPEs: 5EXPL: 1CVE-2010-2063 – Samba 3.3.12 (Linux x86) - 'chain_reply' Memory Corruption
https://notcve.org/view.php?id=CVE-2010-2063
17 Jun 2010 — Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet. Desbordamiento de búfer en la implementación del paquete SMB1 en la función chain_reply en process.c en smbd en Samba v3.0.x anterior v3.3.13 permite a atacantes remotos causar una denegación de servicio (corrupción d... • https://www.exploit-db.com/exploits/16860 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2010-0787 – samba: Race condition by mount (mount.cifs) operations
https://notcve.org/view.php?id=CVE-2010-0787
02 Mar 2010 — client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file. client/mount.cifs.c en mount.cifs en smbfs en Samba v3.0.22, v3.0.28a, v3.2.3, v3.3.2, v3.4.0, and v3.4.5 permite a usuarios locales montar un CIFS compartido en un punto de montaje arbitrario y ganar privilegios, a través de un ataque de enlace simbólico en un fiche... • http://git.samba.org/?p=samba.git%3Ba=commit%3Bh=3ae5dac462c4ed0fb2cd94553583c56fce2f9d80 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 1%CPEs: 123EXPL: 0CVE-2010-0547 – samba: mount.cifs improper device name and mountpoint strings sanitization
https://notcve.org/view.php?id=CVE-2010-0547
04 Feb 2010 — client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. client/mount.cifs.c en mount.cifs en smbfs en Samba v3.4.5 y anteriores no verifica (1) el nombre de dispositivo (2) cadenas de puntos de montaje compuestas por varios caracteres lo que permite a usuarios locales causar una denegación de servicio... • http://git.samba.org/?p=samba.git%3Ba=commit%3Bh=a065c177dfc8f968775593ba00dffafeebb2e054 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2009-2906 – samba: infinite loop flaw in smbd on unexpected oplock break notification reply
https://notcve.org/view.php?id=CVE-2009-2906
07 Oct 2009 — smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet. smbd en Samba v3.0 anterior a v3.0.37, v3.2 anterior a v3.2.15, v3.3 anterior a v3.3.8 y v3.4 anterior a v3.4.2, permite a usuarios autenticados remotamente provocar una denegación de servicio (bucle infinito) a través de un paquete de notificación de respuesta "oplock break" impr... • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2009-2948 – samba: information disclosure in suid mount.cifs
https://notcve.org/view.php?id=CVE-2009-2948
07 Oct 2009 — mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option. mount.cifs en Samba v3.0 anterior a v3.0.37, v3.2 anterior a v3.2.15, v3.3 anterior a v3.3.8 y v3.4 anterior a v3.4.2, cuando mount.cifs es instalado con el suid roo... • http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 0%CPEs: 78EXPL: 0CVE-2009-2813 – Samba: Share restriction bypass via home-less directory user account(s)
https://notcve.org/view.php?id=CVE-2009-2813
14 Sep 2009 — Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories. Samba 3.4 en versiones anteriores a 3.4.2, ... • http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 4%CPEs: 9EXPL: 2CVE-2009-1888 – Samba improper file access
https://notcve.org/view.php?id=CVE-2009-1888
24 Jun 2009 — The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory. La función acl_group_override en smbd/posix_acls.c en smbd en Samba v3.0.x anterior a v3.0.35, v3.1.x y v3.2.x anterior a v3.2.13, y v3.3.x anterior 3.3.6, cuando el modo de fichero dos está habilitado, permite ... • http://secunia.com/advisories/35539 • CWE-264: Permissions, Privileges, and Access Controls •